udev && fuse

[Auke Kok]

Samuel Verstraete wrote:
> 
> Hi,
> 
> As i like messing with sshfs i'd like to make some proposes to improve
> the usability of fuse a bit... (and make lunar a bit more conform to
> the other distro's out there)...
> 
> 1. adjust the udev rule for fuse... I know we are just using the
> default fuse rule there but i'd like to change it to this :
> -
> -KERNEL="fuse", NAME="%k", MODE="0666"
> -
> +
> +KERNEL=="fuse", NAME="%k", GROUP="fuse"
> +
> 
> So this will assign the /dev/fuse rule to the fuse group... This means
> that any user assigned to the fuse group can now use /dev/fuse and as
> such mount fuse filesystems... Having this on 666 sounds like evil to
> me... just allowing *any* user to mount custom stuff on the system
> doesn't sound to me like savety and it looks like at least Debian (the
> only one i checked) agrees with me on that...

that's wrong logic: preventing a user from mounting a directory somewhere 
within his homedirectory is like preventing a user from downloading over ftp - 
he will just move to http downloads instead. This doesn't increase security at 
all. Fuse was designed with this in mind, so they know best.

As long as fuse doesn't allow you to mount a filesystem in /var/tmp it's fine.

Of course, paranoia appeals/prevails, so I'm sure the old debian folks disagree.

> 2. Adjust the fuse BUILD script as to create a fuse usergroup with a
> low/privileged GID number
> 
> 3. Can we add something like a "cat fuse >> /etc/modules" to the
> BUILD to make sure the fuse module gets loaded? (maybe optionally with a
> question?) or would that be too much? :p

no, /etc/modules is not for lunar to be touched (no exceptions). Unless we get 
a decent infrastructure to handle this we should really leave it to the user 
(root).

I'm not super against 1) and 2) but 3) is a no-no.

Auke